ffmpeg | branch: release/2.8 | Michael Niedermayer <mich...@niedermayer.cc> | Sat Sep 17 21:48:43 2022 +0200| [f534619700a46bc5e5ed7ca1bf01919dc2b74fc8] | committer: Michael Niedermayer
avformat/cafdec: Check that nb_frasmes fits within 64bit Fixes: signed integer overflow: 1099511693312 * 538976288 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6565048815845376 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> (cherry picked from commit d4bb4e375975dc0d31d5309106cf6ee0ed75140f) Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f534619700a46bc5e5ed7ca1bf01919dc2b74fc8 --- libavformat/cafdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/cafdec.c b/libavformat/cafdec.c index 7596611d28..ee46d19bbe 100644 --- a/libavformat/cafdec.c +++ b/libavformat/cafdec.c @@ -335,7 +335,7 @@ static int read_header(AVFormatContext *s) return AVERROR_INVALIDDATA; if (caf->bytes_per_packet > 0 && caf->frames_per_packet > 0) { - if (caf->data_size > 0) + if (caf->data_size > 0 && caf->data_size / caf->bytes_per_packet < INT64_MAX / caf->frames_per_packet) st->nb_frames = (caf->data_size / caf->bytes_per_packet) * caf->frames_per_packet; } else if (st->nb_index_entries && st->duration > 0) { st->codec->bit_rate = st->codec->sample_rate * caf->data_size * 8 / _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
